storyclaw-polymarket-trading

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill manages and stores sensitive blockchain private keys in unencrypted JSON files within the credentials/ directory. Storing raw private keys on the filesystem is a high-risk security practice that could lead to account compromise.
  • [COMMAND_EXECUTION]: The skill instructions provide shell commands to modify the user's crontab for automated trade execution. Additionally, the Python scripts frequently use subprocess.run to execute internal scripts and system notification tools like openclaw, which introduces a wide execution surface.
  • [EXTERNAL_DOWNLOADS]: The skill depends on the installation of the py-clob-client Python package and interacts with external Polymarket API services (clob.polymarket.com and gamma-api.polymarket.com) to fetch market data and perform trades.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 16, 2026, 08:22 AM